Create the XSLT Transform

For the next step, the goal is to extract relevant data from an XML file using XSL Transforms. Start by creating an XSL Transform, which is required to extract relevant data from the file. As an example, assume we need to extract the “name” element from an XML. The following XSLT will extract the information required:

<?xml version="1.0" encoding="UTF-8"?>

<xsl:stylesheet version="1.0" xmlns:xsl="">

<xsl:output method="text"/>


<xsl:template match="result">

<xsl:for-each select="entry">

+ <xsl:value-of select="name"/>





Once the XSLT is created, save it in a convenient place for testing in the next step. This example can be saved as pa.xsl.

When using a custom XSLT in an .audit, the first 3 three lines and the last 2 lines should be ignored. Those standard lines are added by the Nessus plugin nbin during processing. In this example, lines 5-8 are the ones of interest that will need to be used in the AUDIT_XML or AUDIT_REPORTS item.

The testing process in Step 5 can also be used while building the XSLT to validate assumptions and/or new techniques. This process is especially useful if you are new to XSLT or working on more complex transforms.